From 97645ee6d1cf4e9f3a2ca1fc07421fe40ba80755 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 13 Nov 2018 10:07:24 -0500
Subject: [PATCH] - Synchronized data.
---
2018/16xxx/CVE-2018-16850.json | 151 +++++++++++++++++----------------
2018/17xxx/CVE-2018-17187.json | 9 ++
2018/1xxx/CVE-2018-1293.json | 4 +-
2018/1xxx/CVE-2018-1792.json | 126 ++++++++++++++-------------
2018/1xxx/CVE-2018-1808.json | 84 +++++++++---------
5 files changed, 191 insertions(+), 183 deletions(-)
diff --git a/2018/16xxx/CVE-2018-16850.json b/2018/16xxx/CVE-2018-16850.json
index 65ec6bb2ac5..01ec1c686ba 100644
--- a/2018/16xxx/CVE-2018-16850.json
+++ b/2018/16xxx/CVE-2018-16850.json
@@ -1,77 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2018-16850", - "ASSIGNER": "psampaio@redhat.com" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "The PostgreSQL Project", - "product": { - "product_data": [ - { - "product_name": "postgresql", - "version": { - "version_data": [ - { - "version_value": "11.1" - }, - { - "version_value": "10.6" - } - ] - } - } - ] - } - } + "CVE_data_meta" : { + "ASSIGNER" : "psampaio@redhat.com", + "ID" : "CVE-2018-16850", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "postgresql", + "version" : { + "version_data" : [ + { + "version_value" : "11.1" + }, + { + "version_value" : "10.6" + } + ] + } + } + ] + }, + "vendor_name" : "The PostgreSQL Project" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges." 
+ } + ] + }, + "impact" : { + "cvss" : [ + [ + { + "vectorString" : "8/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version" : "3.0" + } + ] + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-89" + } ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.postgresql.org/about/news/1905/" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850", - "refsource": "CONFIRM" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges." - } - ] - }, - "impact": { - "cvss": [ - [ - { - "vectorString": "8/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" - } - ] - ] - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850", + "refsource" : "CONFIRM", + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850" + }, + { + "name" : "https://www.postgresql.org/about/news/1905/", + "refsource" : "CONFIRM", + "url" : "https://www.postgresql.org/about/news/1905/" + } + ] + } } diff --git a/2018/17xxx/CVE-2018-17187.json b/2018/17xxx/CVE-2018-17187.json index 8528aaa72de..c562b4cf946 100644 --- a/2018/17xxx/CVE-2018-17187.json +++ b/2018/17xxx/CVE-2018-17187.json 
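Review bot: The `vectorString` carried onto the new side of CVE-2018-16850.json, `8/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H`, is not a well-formed CVSS v3.0 vector. A vector must begin with `CVSS:3.0/`, and the leading `8/` looks like the base score fused in front of it, so a strict parser will reject the record or lose its severity. I would store `"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"` and keep the score out of the vector. In the same hunk, `version_data` lists `11.1` and `10.6`, which the description gives as the fixed releases ("before versions 11.1, 10.6"), so tooling that matches on `version_value` would flag patched installs and miss the vulnerable ones. The description text also still carries the typo "vulnerable to a to SQL injection".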
@@ -53,9 +53,18 @@ "references" : { "reference_data" : [ { + "name" : "https://issues.apache.org/jira/browse/PROTON-1962", + "refsource" : "MISC", "url" : "https://issues.apache.org/jira/browse/PROTON-1962" }, { + "name" : "https://mail-archives.apache.org/mod_mbox/qpid-users/201811.mbox/%3CCAFitrpQSV73Vz7rJYfLJK7gvEymZSCR5ooWUeU8j4jzRydk-eg%40mail.gmail.com%3E", + "refsource" : "MISC", + "url" : "https://mail-archives.apache.org/mod_mbox/qpid-users/201811.mbox/%3CCAFitrpQSV73Vz7rJYfLJK7gvEymZSCR5ooWUeU8j4jzRydk-eg%40mail.gmail.com%3E" + }, + { + "name" : "https://qpid.apache.org/cves/CVE-2018-17187.html", + "refsource" : "MISC", "url" : "https://qpid.apache.org/cves/CVE-2018-17187.html" } ] diff --git a/2018/1xxx/CVE-2018-1293.json b/2018/1xxx/CVE-2018-1293.json index 47967f59b96..85d4b265af6 100644 --- a/2018/1xxx/CVE-2018-1293.json +++ b/2018/1xxx/CVE-2018-1293.json @@ -2,7 +2,7 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-1293", - "STATE" : "RESERVED" + "STATE" : "REJECT" }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +11,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2018/1xxx/CVE-2018-1792.json b/2018/1xxx/CVE-2018-1792.json index 8aaa31d64fe..220a108fabe 100644 --- a/2018/1xxx/CVE-2018-1792.json +++ b/2018/1xxx/CVE-2018-1792.json 
@@ -1,61 +1,10 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "S" : "C", - "A" : "H", - "C" : "H", - "AV" : "L", - "PR" : "L", - "UI" : "N", - "AC" : "L", - "I" : "H", - "SCORE" : "8.800" - } - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-11-12T00:00:00", + "ID" : "CVE-2018-1792", + "STATE" : "PUBLIC" }, - "description" : { - "description_data" : [ - { - "value" : "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.", - "lang" : "eng" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10734447", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10734447", - "title" : "IBM Security Bulletin 734447 (MQ)", - "refsource" : "CONFIRM" - }, - { - "name" : "ibm-websphere-cve20181792-priv-escalation (148947)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_version" : "4.0", "affects" : { "vendor" : { "vendor_data" : [ @@ -63,6 +12,7 @@ "product" : { "product_data" : [ { + "product_name" : "MQ", "version" : { "version_data" : [ { @@ -135,8 +85,7 @@ "version_value" : "9.1.0.0" } ] - }, - "product_name" : "MQ" + } } ] }, 
@@ -145,12 +94,61 @@ ] } }, - "data_type" : "CVE", "data_format" : "MITRE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2018-11-12T00:00:00", - "ID" : "CVE-2018-1792", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "H", + "AC" : "L", + "AV" : "L", + "C" : "H", + "I" : "H", + "PR" : "L", + "S" : "C", + "SCORE" : "8.800", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Privileges" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10734447", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10734447" + }, + { + "name" : "ibm-websphere-cve20181792-priv-escalation(148947)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148947" + } + ] } } diff --git a/2018/1xxx/CVE-2018-1808.json b/2018/1xxx/CVE-2018-1808.json index 81f3ec5fe69..2a57da7021e 100644 --- a/2018/1xxx/CVE-2018-1808.json +++ b/2018/1xxx/CVE-2018-1808.json @@ -1,18 +1,14 @@ { "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2018-10-24T00:00:00", "ID" : "CVE-2018-1808", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" + "STATE" : "PUBLIC" }, - "data_format" : "MITRE", - "data_version" : "4.0", - "data_type" : "CVE", "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { 
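Review bot: The `impact` block re-added for CVE-2018-1792 encodes severity as a `cvssv3` object with abbreviated `BM`/`TM` keys and a string `"SCORE" : "8.800"`, whereas CVE-2018-16850.json in this same commit uses a `cvss` array holding a `vectorString`. The CVE-2018-1808.json hunk that follows uses the same `BM`/`TM` shape. Consumers that triage on severity therefore need one code path per shape plus a string-to-number conversion, which is an easy place to drop a score silently. If the sync tooling can normalise these, emitting a standard CVSS vector string and a numeric score in one agreed shape would make the records directly comparable.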
@@ -44,18 +40,50 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "N", + "I" : "L", + "PR" : "L", + "S" : "U", + "SCORE" : "4.300", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { "description" : [ { - "value" : "Gain Access", - "lang" : "eng" + "lang" : "eng", + "value" : "Gain Access" } ] } @@ -64,45 +92,15 @@ "references" : { "reference_data" : [ { - "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10735905", "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10735905", - "title" : "IBM Security Bulletin 0735905", - "refsource" : "CONFIRM" + "refsource" : "CONFIRM", + "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10735905" }, { - "title" : "X-Force Vulnerability Report", + "name" : "ibm-websphere-cve20181808-ssi(149828)", "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149828", - "name" : "ibm-websphere-cve20181808-ssi (149828)" + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149828" } ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "C" : "N", - "A" : "N", - "S" : "U", - "SCORE" : "4.300", - "UI" : "N", - "AC" : "L", - "I" : "L", - "PR" : "L" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } } }